fix: deps update, also using jsdom in frontend tests

[HardMax71]

---

Summary by cubic

Updates backend and frontend dependencies, switches frontend tests to jsdom, bumps CI artifact uploads to v7, and updates stylelint rules for nested selectors.

• Dependencies

  • Backend: aiokafka 0.13.0, google-auth 2.48.0, charset-normalizer 3.4.4, kubernetes_asyncio 35.0.1; refreshed uv.lock.
  • Frontend: @playwright/test 1.58.2, eslint 10.0.2, @uiw/codemirror-theme-github 4.25.5; frontend tests now run on jsdom; stylelint config adds nesting-selector-no-missing-scoping-root with ignores for utility, variant, custom-variant.
  • CI: actions/upload-artifact updated to v7 in sbom-compliance and stack-tests workflows.

• Migration

  • Backend: run uv sync to install updated packages.
  • Frontend: run npm ci; no config changes needed for jsdom.

^{Written for commit 51845c2. Summary will update on new commits.}

Summary by CodeRabbit

• Chores
  • Updated CI workflows to use newer artifact uploader and added shorter retention for artifacts.
  • Bumped multiple backend Python dependencies.
  • Updated frontend dependencies and developer tooling, including test framework and build tooling.
• Style
  • Added a new stylelint rule to strengthen CSS nesting validation.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fb496cd and 51845c2.

📒 Files selected for processing (1)

• frontend/.stylelintrc.json

---

📝 Walkthrough

Walkthrough

This PR updates GitHub Actions to use actions/upload-artifact@v7 (adds retention), bumps several backend Python package versions, updates multiple frontend npm/devDependencies (including replacing happy-dom with jsdom), and adds a new Stylelint rule for nesting selector scoping.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflows \.github/workflows/sbom-compliance.yml, \.github/workflows/stack-tests.yml	Replaced actions/upload-artifact@v6 → actions/upload-artifact@v7 in multiple steps; added retention-days: 5 to SBOM upload.
Backend Dependencies backend/pyproject.toml	Bumped Python dependency versions: charset-normalizer, aiokafka, google-auth, kubernetes_asyncio, and test pluggy.
Frontend Dependencies & Tooling frontend/package.json	Updated npm dependencies/devDependencies (e.g., @uiw/codemirror-theme-github, @playwright/test, eslint, tailwindcss); replaced happy-dom with jsdom; updated Stylelint and related packages.
Frontend Stylelint Config frontend/.stylelintrc.json	Added nesting-selector-no-missing-scoping-root rule with ["true", { "ignoreAtRules": ["utility", "variant", "custom-variant"] }].

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• deps bump #98 — Related GitHub Actions changes updating actions/upload-artifact version in workflows.
• fix: deps update #235 — Overlapping dependency and workflow version bumps touching backend and frontend manifests.
• fix: updated deps #166 — Related dependency version updates in backend and frontend manifest files.

Poem

🐰 I hopped through YAML, packages in paw,
Upgraded artifacts, kept CI in awe.
Pip and npm got a fresh little tune,
Stylelint watches the nest by the moon,
Hop, patch, release — we celebrate soon!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: deps update, also using jsdom in frontend tests' accurately and concisely summarizes the main changes: dependency updates across backend and frontend, plus switching frontend tests to jsdom.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/deps-update2

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

No issues found across 6 files

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Flag	Coverage Δ
backend-e2e	83.14% <ø> (+0.07%)	⬆️
backend-unit	67.89% <ø> (ø)
frontend-unit	86.78% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.
see 2 files with indirect coverage changes

Components	Coverage Δ
Backend	90.14% <ø> (+0.08%)	⬆️
Frontend	86.78% <ø> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

Updates dependency locks across the frontend (npm) and backend (uv) while switching frontend unit-test DOM emulation to JSDOM, and refreshes GitHub Actions artifact upload usage.

Changes:

• Frontend: bump dev tooling dependencies (Playwright, ESLint, Stylelint, Tailwind, CodeMirror theme) and replace happy-dom with jsdom.
• Backend: bump several pinned Python dependencies and update uv.lock accordingly (e.g., aiokafka, google-auth, kubernetes_asyncio, pluggy).
• CI: update workflows to use actions/upload-artifact@v7.

Reviewed changes

Copilot reviewed 4 out of 6 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
frontend/package.json	Bumps frontend dev tooling deps; swaps happy-dom → jsdom.
frontend/package-lock.json	Regenerates npm lockfile for updated deps (includes JSDOM and related tree changes).
backend/pyproject.toml	Bumps pinned backend Python dependency versions.
backend/uv.lock	Updates resolved/locked Python dependency graph (incl. new cryptography from google-auth).
.github/workflows/stack-tests.yml	Updates artifact upload action major version.
.github/workflows/sbom-compliance.yml	Updates artifact upload action major version.

Files not reviewed (1)

• frontend/package-lock.json: Language not supported

Comments suppressed due to low confidence (2)

.github/workflows/sbom-compliance.yml:56

• Please double-check that actions/upload-artifact@v7 is a valid, released major version and that it supports the inputs used here. If not, this will break artifact uploads in CI; consider pinning to the latest known supported major (or a commit SHA) instead.

      - name: Upload SBOM Artifact
        uses: actions/upload-artifact@v7
        with:
          name: ${{ matrix.component }}-sbom
          path: ${{ matrix.component }}-sbom.spdx.json
          retention-days: 5

.github/workflows/stack-tests.yml:358

• Please double-check that actions/upload-artifact@v7 is a valid, released major version and that it supports the inputs used here. If not, this will break artifact uploads in CI; consider pinning to the latest known supported major (or a commit SHA) instead.

      - name: Upload Playwright report
        uses: actions/upload-artifact@v7
        if: always()
        with:
          name: playwright-report-${{ matrix.shardIndex }}
          path: frontend/playwright-report/

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@backend/pyproject.toml`:
- Line 25: The pyproject dependency pin for kubernetes_asyncio is invalid
(35.0.1 doesn't exist); update the version specifier for the kubernetes_asyncio
dependency to the latest published release (kubernetes_asyncio==35.0.0) so
installs succeed, leaving aiokafka==0.13.0 unchanged; locate the
kubernetes_asyncio entry in pyproject.toml and replace the version token
accordingly.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2454249 and fb496cd.

⛔ Files ignored due to path filters (2)

• backend/uv.lock is excluded by !**/*.lock
• frontend/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (4)

• .github/workflows/sbom-compliance.yml
• .github/workflows/stack-tests.yml
• backend/pyproject.toml
• frontend/package.json

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud